Smart card with self-detachment features and related methods

ABSTRACT

An integrated circuit for a smart card may include at least one data terminal for providing communications with a host device and a processor for providing an attachment signal on the at least one data terminal for recognition by the host device. Further, the processor may also cooperate with the host device to perform an enumeration based upon at least one default descriptor. In addition, based upon a system event, the processor may selectively remove the attachment signal from the at least one data terminal and thereafter again provide the attachment signal on the at least one data terminal and cooperate with the host device to perform a new enumeration based upon at least one alternate descriptor.

FIELD OF THE INVENTION

The present invention relates to the field of information processing andstorage, and, more particularly, to smart cards and related methods.

BACKGROUND OF THE INVENTION

Smart cards are becoming increasingly more popular for security andpersonal identification applications. For example, smart cards arecurrently used for storing sensitive data such as medical records,banking information, etc. In perhaps their most common form, smart cardshave a card body which resembles a credit card in size, shape, andthickness, and they may even be made out of similar materials, such asplastic. Yet, rather than simply having a magnetic stripe to storesensitive information (e.g., account numbers, user identification, etc.)as standard credit cards do, smart cards generally include an integratedcircuit (IC). The IC not only includes a non-volatile memory for storingsuch sensitive information, but it may also include a microprocessor forprocessing this information and communicating with a host device via acard reader, for example. Accordingly, not only can smart cards storemore information than magnetic stripe cards, but they also have muchgreater functionality.

Various protocols have emerged to standardize the operation andcommunications of devices such as smart cards. One of the earliest ofthese was developed by the International Organization forStandardization (ISO) and is known as the ISO 7816-X protocol. Inparticular, this protocol is set forth in ISO documents ISO 7816-1(Physical Characteristics), ISO 7816-2 (Dimensions and Locations ofContacts), ISO 7816-3 (Electronic Signals and Transmission Protocols),ISO 7816-10 (Electronic Signals and Answer to Reset for SynchronousCards), and ISO 7816-12 (USB Interface), for example, all of which arehereby incorporated herein in their entirety by reference.

Furthermore, in response to the increasing popularity of the universalserial bus (USB) architecture, increasing numbers of smart cardscontinue to be developed which operate in accordance with the USBprotocol. This protocol is set forth in the Universal Serial BusSpecification, Revision 2.0, Apr. 27, 2000, published by USBImplementers Forum, Inc., which is hereby incorporated herein in itsentirety by reference. The USB architecture is particularly advantageousin that it provides a standard “plug and play” interface for devicesexternal to a computer, for example. That is, external peripheraldevices can be relatively quickly and easily installed and removed froma host device, such as a computer, without having to open or power downthe computer.

In accordance with the USB Specification, the host device operates asthe master of the system bus, and all of the USB devices connected tothe system bus operate as slave devices. A USB system bus includes twodata lines D+ and D−, over which differential serial data signals aretransmitted. Moreover, the USB system bus also includes a power lineV_(BUS) which may be used to provide an operating voltage from the hostdevice to USB devices without their own source of power, as well as aground line.

Accordingly, upon connection to the system bus, a USB smart card willreceive power from the power line V_(BUS) which will cause its processorto initialize and announce its presence so that the host device willrecognize the device. This is done by connecting a predetermined voltage(e.g., 3.3 V) as an attachment signal to one or both of the data linesD+, D− via a respective pull-up resistor depending upon the datatransfer speed at which the smart card is to operate. In particular, theUSB Specification defines three data transfer rates, namely low speed(1.5 Mb/s), full speed (12 Mb/s), and high speed (480 Mb/s).

Generally speaking, once the USB smart card is recognized by the hostdevice, the smart card will send information identifying itself and itscapabilities to the host device when prompted. This information isincorporated within various descriptors, namely device descriptors,configuration descriptors, interface descriptors, endpoint descriptors,and (optionally) string descriptors. Further information on USBdescriptors may be found in the USB Specification. The host device willinterpret this data using an appropriate driver and then inform thesmart card what configurations and system resources it will be allottedduring the current session. The smart card uses this information toenumerate itself for use in the system.

One particularly advantageous approach for managing pull-up connectionsto the differential data lines is disclosed in U.S. Application SerialNo. 2002/0066791 to Leydier et al., assigned to the assignee of thepresent application, and which is hereby incorporated herein in itsentirety by reference. In particular, this application is directed to asmart card which has an IC with voltage conditioning circuitry and apull-up resistor. The smart card, when inserted in a smart card adaptercoupled to a host device, is capable of signaling the host device over abus using the integrated pull-up resistor selectively coupled to avoltage output of the voltage conditioning circuitry and a first outputof the smart card.

The voltage conditioning circuitry output is selectively coupled to thefirst output through the resistor responsive to the device being poweredby the bus (but not transmitting). This tends to pull up the firstoutput to the voltage level of the voltage source, which makes the smartcard capable of being properly detected by the host device upon the busbeing driven by a host. Selectively disconnecting the pull-up resistorwhile the smart card is transmitting or receiving results in a morebalanced differential output signal. Since the pull-up resistor andvoltage conditioning circuitry supplying the proper voltage to thepull-up resistor are an integrated part of the IC, no separate contactis required to supply voltage to the resistor. This permits the smartcard to be compatible with the contact configuration of certain existingsmart cards, and eliminates the need for the pull-up resistor or voltageconditioning circuitry to be included in the smart card adapter.

Moreover, the device may also be detached from the system bus for otherreasons. For example, the device may be detached to perform are-enumeration, to conserve power, to reduce communications overheadprocessing by the host device, or when the V_(BUS) power supply is notwithin the range specified by the USB Specification.

Because of the enhanced functionality afforded by the USB Specificationand the significant computing power which may be included in USB smartcard integrated circuits, it is possible not only to support multipleapplications with a smart card, but also multiple configurations, suchas endpoint configurations, for example. An example of a USB devicewhich supports two different endpoint configurations is disclosed inU.S. Pat. No. 6,122,676 to Brief et al. In particular, this patent isdirected to a USB device which includes two mappings for relating areceived token to an endpoint pipe. A host controller selects which ofthe two mappings the USB device will use during initialization orenumeration, and the host controller can also cause the USB device tochange between the two configurations during operation.

While the above USB smart card devices provide improved operationalflexibility, greater flexibility may be required in certain applicationsto achieve desired bandwidth utilization or even security againstattacks to the USB system, for example.

SUMMARY OF THE INVENTION

In view of the foregoing background, it is therefore an object of thepresent invention to provide an integrated circuit, such as for a smartcard, which provides self-detachment and re-enumeration features andrelated systems and methods.

This and other objects, features, and advantages in accordance with thepresent invention are provided by an integrated circuit for a smart cardwhich may include at least one data terminal for providingcommunications with a host device and a processor for providing anattachment signal on the at least one data terminal for recognition bythe host device. Further, the processor may also cooperate with the hostdevice to perform an enumeration based upon at least one defaultdescriptor. In addition, based upon a system event, the processor mayselectively remove the attachment signal from the at least one dataterminal and thereafter again provide the attachment signal on the atleast one data terminal and cooperate with the host device to perform anew enumeration based upon at least one alternate descriptor.

More particularly, the processor may detect certain system events whichmay make the current or default settings established based upon the atleast one default descriptor undesirable, and, in response, remove theattachment signal from the at least one data terminal and re-enumerateto change the default settings. By way of example, the system event maybe a system utilization metric exceeding a threshold. For example,several devices could be connected to the host device which consumelarge amounts of system bus bandwidth. In such case, the systemutilization metric may indicate that the system bus utilization is abovea threshold, which would prompt the processor to remove the attachmentsignal so that it is no longer recognized by the host device. Theprocessor would then cooperate with the host device to re-enumerate(i.e., following a re-attachment) using one or more alternatedescriptors that would allow it to more efficiently utilize the limitedbandwidth.

Another example of a system event may be the occurrence of attemptedunauthorized communications. That is, if the processor perceives anattack on the system by an unauthorized user or eavesdropper, it mayremove the attachment signal and then re-enumerate using a more secureconfiguration to reduce the likelihood of being compromised by such anattack.

It should be noted that traditional ISO smart cards will go “mute” undersuch circumstances. However, current smart card designs generally havefairly robust CPUs, more memory, improved anti-tamper mechanisms, etc.,as well as some additional (and previously unseen) evasionpossibilities. Also, USB allows VSR enumeration/re-enumeration, multiplecommunication pipelines, USB on-the-go, etc. As the world expands fortoday's smart cards, so to does their ability to act and react toperceived attacks, while still keeping their propriety architecturessecure.

The integrated circuit may further include at least one power terminalconnected to the processor, and the processor may receive power via theat least one power terminal during removal of the attachment signal.That is, the processor will still receive power and continue to operateeven though it is no longer communicating with the host device. As such,the processor may monitor communications with the host device in a“mute” mode during removal of the attachment signal, for example, ifdesired.

The at least one alternate descriptor may include at least one devicedescriptor, configuration descriptor, interface descriptor, and/orendpoint descriptor, for example. Also, the processor may operate in auniversal serial bus (USB) mode, for example, and the at least one dataterminal may include first and second data terminals for differentialdata signals, namely D+ and D− terminals in the case of USB operation.

A smart card in accordance with the present invention includes a smartcard body and an integrated circuit, such as the one described brieflyabove, carried by the smart card body. Additionally, such a smart cardmay be included within a smart card system further including a hostdevice and a smart card adapter connected to the host device for readingthe smart card.

A method aspect of the invention is for operating a smart card includingat least one data terminal. The method may include providing anattachment signal on the at least one data terminal for recognition by ahost device, and cooperating with the host device to perform anenumeration based upon at least one default descriptor. Further, basedupon a system event, the attachment signal may be selectively removedfrom the at least one data terminal and thereafter again provided on theat least one data terminal, and the smart card may cooperate with thehost device to perform a new enumeration based upon at least onealternate descriptor.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic block diagram of a smart card system in accordancewith the present invention.

FIG. 2 is schematic block diagram illustrating the smart card integratedcircuit of FIG. 1 in greater detail.

FIGS. 3 and 4 are flow diagrams illustrating methods for operating asmart card in accordance with the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

The present invention will now be described more fully hereinafter withreference to the accompanying drawings, in which preferred embodimentsof the invention are shown. This invention may, however, be embodied inmany different forms and should not be construed as limited to theembodiments set forth herein. Rather, these embodiments are provided sothat this disclosure will be thorough and complete, and will fullyconvey the scope of the invention to those skilled in the art. Likenumbers refer to like elements throughout, and prime notation is used toindicate similar elements in alternate embodiments.

Referring initially to FIG. 1, a smart card system 20 in accordance withthe present invention illustratively includes a host device 21 having acommunications port 22, a smart card adapter or adapter 23 connected tothe communications port, and a smart card 24 to be read by the smartcard adapter. Generally speaking, the host device 21 will be a computerof some type, which could be a personal computer (PC), laptop, etc., forexample.

Of course, smart card systems take many forms, so the host device 21could be any number of computing devices capable of interfacing with asmart card, such as a cable or satellite television receiver/decoder, anautomated teller machine (ATM) or other banking machine, a point-of-sale(POS) device (e.g., a cash register), etc., depending upon the givenapplication. Another example would be a personal data assistant (PDA) orother USB device that is ordinarily a slave to a USB bus master (i.e.,host), but when used in a USB on-the-go (OTG) mode can itself act as alimited USB bus master.

In the case of an ISO 7816 type smart card system, the port 22 may be aserial communications port connected to the internal system bus of thehost device 21 (not shown). In the case of a USB type smart card system,the port 22 will be a USB port which is also connected to the internalsystem bus of the host device 21, as will be appreciated by those ofskill in the art. The smart card system 20 may advantageously beimplemented as an ISO 7816 type system, a USB system, or a dual modesystem which operates in both modes, for example, similar to the systemdescribed in U.S. Pat. No. 6,439,464 to Fruhauf et al., assigned to theassignee of the present invention, and which is hereby incorporatedherein in its entirety by reference. Of course, other suitable smartcard formats may also be used, as will be appreciated by those of skillin the art.

The smart card adapter 23 is of a type compatible with the particularoperational protocol being implemented in the system 20 (e.g., an ISO7816 type card reader, a USB type card reader, etc.). Of course,multiple readers 23 may be used, as well as multi-purpose readers whichread more than one type of smart card or multi-mode smart cards. Inaddition, the card reader 23 can be remotely located with respect to thehost device 21, but it need not be. That is, in some embodiments thecard reader 23 can be incorporated within the host device 21 or carriedby a housing thereof, as will be appreciated by those of skill in theart. Additionally, in some embodiments the smart card adapter 23 may beincorporated into a smart card integrated circuit chip (see below),reducing the “reader” to little more that a “pass through” connector.

The smart card 24 illustratively includes a card body 25 and anintegrated circuit (IC) 26 carried by the card body. Further, the smartcard also illustratively includes contacts 27 for providing anelectrical connection between the smart card adapter 23 and the IC 26.Of course, it will be appreciated that in some embodiments the smartcard 24 may be wireless and thus not require the contacts 27. In suchevent, an antenna may be used instead of the contacts 27, for example.Yet, for clarity of explanation, the present application will referparticularly to the examples of ISO 7816 and USB type smart cards, eachof which uses a respective connector configuration defined by thevarious protocol documents noted above. Thus, the use of physicalcontacts 27 on the card body 25 (and corresponding contacts at the cardreader 23) will be assumed for purposes of the present discussion.

It should be noted that the smart card body 25 may be made of varioustypes of materials and take various shapes. Perhaps the most commonmaterial used for smart cards is plastic, but other suitable materialsmay also be used. Moreover, smart cards are also generally rectangularin shape and thin enough to fit in a wallet, similar to a credit card,but again, other shapes and thicknesses may be used. The IC 26 may beencased within the card body 25, as illustratively shown, or it may berecessed therein but still exposed. Other mounting configurations arepossible, as will be appreciated by those of skill in the art, which areanticipated by the present invention. It should also be noted that thesmart card 24 may be incorporated or built into another device as atoken or identification circuit therefor, for example.

More particularly, the IC 26 illustratively includes a transceiver 30which is connected to the contacts 27 and sends/receives signals to/fromthe host device 21 via the smart card adapter 23, as will be appreciatedby those of skill in the art. The transceiver 30 is controlled by aprocessor 31 which also performs the various smart card operations, aswill be discussed further below. Furthermore, buffer circuitry 32 isincluded within the IC 26 for buffering signals transmitted between theIC and the host device 21. One particularly advantageous bufferconfiguration which may be used in accordance with the present inventionis disclosed in co-pending U.S. patent application entitled SMART CARDWITH SELECTIVELY ALLOCATABLE DATA BUFFERS AND ASSOCIATED METHODS,attorney docket no. 02-AU-091 (52041), the entirety of which is herebyincorporated by reference.

An exemplary USB embodiment of the IC 26′ is illustratively shown inFIG. 2. As noted above, a USB device announces its presence to a hostdevice by providing an attachment signal on one or both of thedifferential signal lines D+, D− of the system bus. In the illustratedembodiment, the IC 26′ includes data terminals 34′, 35′ which areconnected via the contacts 27 to the differential signal lines D+, D− ofthe system bus, respectively.

Moreover, the IC 26′ also illustratively includes random access memory(RAM) 33 a′, and non-volatile memory 33 b′ (e.g., electrically erasableprogrammable read only memories (EEPROMs), etc.). The RAM 33 a′ may beused for temporarily storing data to be processed, for example, and mayalso be used for storing look-up tables for allocating data torespective smart card applications, as will be discussed further below.The non-volatile memory 33 b′ may be used for storing permanent and/orsemi-permanent information which needs to be retained by the IC 26′ whennot connected to (and powered by) the smart card adapter 23 (e.g.,device descriptors, configuration descriptors, interface descriptors,endpoint descriptors, string descriptors, supported USB requests, etc.).

The IC 26′ further includes power terminals 36′, 37′ for connection tothe V_(BUS) and ground lines of the system bus, respectively. Moreover,the IC 26′ also illustratively includes voltage conditioning circuitry38′ connected to the V_(BUS) and ground lines for providing theappropriate voltage level (e.g., 3.3 V) at the data terminals 34′, 35′as an attachment signal for recognition of the smart card 24 by the hostdevice 21.

In particular, when the IC 26′ is to operate in a low speed USB mode,the processor 31′ causes the attachment signal to be provided to the D−terminal 35′ via a pull-up resistor 39′ by controlling a switch 40′.Similarly, when the IC 26′ is to operate in a full speed mode, theattachment signal is applied to the D+ terminal 34′ via a pull-upresistor 41′ by controlling a switch 42′. Attachment for high-speedoperation initially involves application of an attachment signal to theD+ terminal 34′ via a pull-up resistor 41′ as well (for more details onhigh speed attachment, see Section 7.1 of the USB Specification). Oneparticularly advantageous approach for implementing the voltageconditioning circuitry 38′ and switching circuitry 40′, 42′ may be foundin the above-described application of Leydier et al., although othersuitable circuitry may also be used.

In accordance with the present invention, the card memory 33 not onlystores default descriptors for enumerating the smart card 24, as notedabove, but it also stores alternate descriptors that may advantageouslybe used instead of one or more of the default descriptors forenumerating the smart card. More particularly, the use of the defaultand alternate descriptors for enumeration of the processor 31′ will nowbe described with reference to the flow diagrams of FIGS. 3 and 4.Beginning at Block 50, upon first being connected to the smart cardadapter 23, the processor 31′ receives its operating voltage from theV_(BUS) terminal 36′, which causes it to begin initializing. (It shouldbe noted that the smart card 24 could be (or be included within) aself-powered device which need not receive power from the V_(BUS)terminal 36′ to begin such initialization in some embodiments.)

More particularly, following the detection and stabilization of itsoperating voltage, the processor 31′ commences and completes itspower-on-reset (POR) sequences, as will be appreciated by those of skillin the art. The default device descriptor(s) for the smart card 24 whichresides in the memory 33′ is then retrieved and loaded in theappropriate registers, etc. for communication to the host device 21.

The processor 31′ makes its presence known on the system bus byconnecting the appropriate pull-up resistor 39′, 41′ to the D− and/or D+terminals 34′, 35′, respectively, as described above, (and viaappropriate signaling protocols, in the case of high speed operation,for example) at Block 51. This is also referred to as “attaching” to thesystem bus. Generally speaking, the presence of the newly attached smartcard 24 is observed by the upstream smart card adapter 23, and thisinformation is relayed to the host device 21. Once the host device 21has queried the smart card 24 for its device descriptor, an appropriateUSB driver is loaded at the host device for communicating with the smartcard. The USB driver will then query the smart card 24 for its remainingdescriptors (e.g., configuration, interface, device, and/or stringdescriptors).

Once the USB host has received the descriptors, it processes thesedescriptors and, depending in large part upon the bandwidth/processingrequirements of other devices connected to the system bus, determineswhat resources to allocate to the smart card 24. The host device 21 thentransmits this allocation information to the smart card 24, and theprocessor 31′ enumerates itself for use in the system 20 based thereon.By way of example, such allocation information may include bandwidthallocations for the supported endpoints, allowed data transmissionspeed, etc.

Moreover, it should be noted that the IC 26′ may in some embodimentsadvantageously be used for performing a plurality of smart cardapplications. Indeed, the USB Specification provides for multipleapplications in a given USB device, for example, and the ever-increasingcomputing power available on smart cards is allowing smart cards to takeadvantage of this functionality. In fact, the processor 31′ may have itsown an embedded operating system capable of managing multiple concurrent(and embedded) applications (e.g., Java applets). These embeddedapplications may work in cooperation with the host-side applications(e.g., user log-in and authentication applications, Internet-basedbanking applications, digital rights management applications foraudio/video transfer, etc.). Of course, numerous other applications maybe used in accordance with the present invention, as will be appreciatedby those skilled in the art.

Yet, without the ability to quickly and accurately allocate data torespective applications, the implementation of numerous smart cardapplications can become unmanageable. As such, the processor 31′ mayadvantageously generate a look-up table as part of (or after) itsenumeration for allocating data to respective smart card applicationssupported by the processor. More particularly, in the USB environment,the various supported applications have respective endpoints associatedtherewith. Each endpoint is essentially a direct pipeline to one or morefunctions of a given applications. For example, a given application willtypically have a control endpoint for communicating control requests forthe application. It may also have an interrupt endpoint for interruptrequests, as well as one or more bulk and/or isochronous endpoints fordata transfer.

Accordingly, in the exemplary USB implementation, the processor 31′ mayoptionally generate a look-up table, based upon PC application (anddriver) information, which allocates data received from the host device21′, for example, to the appropriate endpoint established duringenumeration for that data, at Block 53. As such, by generating thelook-up table and using it for managing for data allocation, theprocessor 31′ advantageously allows substantially simultaneous access tomultiple and unrelated smart card resources.

In accordance with another advantageous aspect of the invention, theprocessor 31′ detects one or more system events which indicate thatre-enumeration based upon one or more of the alternate descriptors isappropriate, at Block 54. By way of example, the system event may be asystem utilization metric exceeding a threshold, at Block 60′. Forexample, a suitably crafted USB driver may not only collect the defaultdescriptors from the processor 31′, but it may also collect relevantinformation regarding the nature of the other USB devices which arecurrently being managed by the host device 21.

Based upon this information, the driver may then relay the appropriateinformation back to the processor 31′, which may include an embeddedapplication that uses this information to determine whether some otherconfiguration is more desirable. In particular, this determination maybe based upon factors such as the types of PC-based applicationsrequesting resources of the smart card 24 and their likely bus bandwidthrequirements, as well as the number and types of other USB devicesconnected to the system bus and their bus bandwidth allocations, forexample.

If the system event has occurred and the processor 31′ determines thatanother configuration is appropriate, the processor will then “detach”itself from the bus by opening the appropriate switch 39′, 41′, at Block55, so that the attachment signal(s) will no longer be provided and itspresence will cease to be recognized by the host device 21. Furthermore,the processor 31′ may then generate a new look-up table based upon theresults of the new enumeration, at Block 56. That is, because varioussettings of the smart card 24 may change from one enumeration to thenext, the processor 31′ advantageously generates new look-up tables fordata allocation as required to account for the reallocation ofendpoints, etc.

It should be noted that the look-up table(s) content is established bythe USB smart card processor 31′ (i.e., there is no control by the hostdevice) based upon decisions it has made. These decisions are influencedby information it has received from the “smart” USB driver (i.e.,information about bus utilization, etc., as it is loaded into thekernel) and/or an application (i.e., software) running on the hostdevice 21, which uses the smart card resources of the USB smart carddevice. Therefore, the look-up table(s) is preferably prepared beforeenumeration, and more particularly before assertion (i.e., attachment ofthe USB speed detect pull-up resistors to the D+/D− signal lines).

Later, the device may selectively “detach” (due to a “system event”),change its descriptors and look-up table mappings, reattach andrenumerate. That is, the processor 31′ reattaches itself to the systembus by providing the attachment signals(s), as noted above (Block 57),and then proceeds to cooperate with the host device 21 as describedabove to perform a new enumeration, but this time using one or more ofthe alternate descriptors, at Block 58, thus concluding the illustratedmethod (Block 59). Indeed, with the new enumeration sequence, theprocessor 31′ may identify itself such that it will more appropriatelymatch the particular USB environment and requirements of the PC-based(or other) applications operating in the system 20 which may soon useits resources, or better utilize available bus bandwidth, for example.It should be noted that a combination of the default and alternatedescriptors may be used during successive or new enumerations, i.e., notall of the default descriptors need be changed.

Another example of a system event which may trigger a new enumeration isthe occurrence of attempted unauthorized communications, at Block 61′,such as would be the case when someone attempts to eavesdrop or hackinto the system 20. In particular, observation, tampering, or attackingentities generally rely upon known functionalities and modes ofoperation of the object of their attack. The target of such activitiesis very often monolithic in the manner in which it will behave, makingit easier for the observer or attacker to figure out what is going oninside the target.

However, since the smart card 24 in accordance with the invention canadvantageously change its attributes and how it behaves and appearsusing alternate descriptors, this will make it much more difficult for awould-be hacker to compromise the security of the smart card 24. Thatis, the ability to adjust descriptors and endpoint support, inconjunction with the ability to detach and re-attach, makes it possiblefor the smart card 24 to still perform its intended duties, but in amanner which is less predictable to a would-be hacker or eavesdropper.The ability of a would-be hacker to isolate the smart card 24 as atarget by its USB address can be guarded against by effectively changingthis address using alternate descriptors. Moreover, if particularendpoints and/or transfer modes are being used to isolate the smart card24 as a target, the processor 31′ can modify the signature patternswhich make it “visible” using alternate descriptors, as will beappreciated by those of skill in the art.

Moreover, because the processor 31′ will continue to receive itsoperating voltage (i.e., V_(BUS)) during the selective removal of theattachment signals, as noted above, the processor 31′ may monitorcommunications with the host devices 21 (i.e., between the host deviceand other devices connected to the system bus) in a “mute” mode duringremoval of the attachment signal, for example, if desired. As such, theprocessor 31′ may keep the smart card 24 in the mute mode until theperceived attack is no longer present, and then initiate there-attachment and new enumeration. Of course, in some embodiments thedriver may disable the downstream port associated with the smart cardadapter 23 to which the smart card 24 is attached, which would preventoperation in the mute mode.

Other exemplary system events which may cause the processor 31′ todetach from the system bus and perform a new enumeration may include theavailability of support for multi-application services, a requirement oravailability to change between data transmission speeds (i.e., betweenlow, full, and high speeds), and/or the need to perform a more“sophisticated” power-up or power-down sequence, as will be appreciatedby those skilled in the art. Other system events will also beappreciated by those of skill in the art and are contemplated by thepresent invention.

It should be noted that in some embodiments the IC 26′ may also includea mechanism for overwriting those portions of the registers, etc., whichstore the information about supported endpoints, alternate settings,configurations, and interfaces, as described above. Similarly, it mayalso be desirable in some embodiments to include a mechanism by whichthe processor 31′ may overwrite the contents of the registers, etc.,which store the device descriptor of the smart card 24. Moreover, theway in which the smart card 24 announces its presence to the host device21 may vary depending upon the particular protocol or implementationused, as will be appreciated by those skilled in the art.

It should also be noted that after each enumeration of a USB device a PCdriver is loaded in memory. The PC driver is selected based upon aserial number ID and product ID sent during the enumeration phase. ThePC driver can also be available for a class of devices. In this case,the USB device sends the type of class IDs that are compatible duringthe enumeration, and the class driver is automatically loaded. Thus, inaccordance with the invention, if the USB device during the enumerationindicates a special driver and the driver is not present, the device canre-numerate with another driver, vendor ID, or class ID until it findsthe correct driver. It could also download, for example, a new Javaapplication. It may then need to load a new PC class, driver, etc. Thisprocess could also be used for security reasons. A USB device could jumpfrom one PC driver to another one, and it thus becomes difficult to“spy” on its communication at the PC kernel level, as will beappreciated by those skilled in the art.

Various advantages of the present invention will be apparent to thoseskilled in the art from the foregoing discussion. For example, multiplehost-based applications may be supported and run simultaneously on thesame bus, and each with different characteristic bus utilizationrequirements. The present invention also promotes increased utilizationof available USB smart card device resources, as well as the capabilityto handle relatively high speed bus bandwidth applications, such asreal-time bi-directional data streaming and processing and digitalrights management, for example. Further, the present invention providescontinued support not only for more traditional, low-speed bus bandwidthapplications, but also for high-speed bus bandwidth applications such asthose noted above.

The various features and advantages of the present invention will befurther appreciated with reference to a brief discussion of some of thepeculiarities and challenges unique to smart cards. In contrast totypical ISO, USB, etc., devices, smart cards (i.e., smart card ICs) arevery secure (i.e., mechanically, physically, electrically, andprogrammatically). Moreover, smart card ICs have exceptionally fewphysical pathways between their die and the outside world.

Generally speaking, the flow of data into and out of the “core” of asmart card IC is very carefully managed by a USB Device Core (UDC),well-defined buffering, and through the use of an isolation mechanism(which may be thought of as a highly secure semiconductor (i.e.,silicon) firewall). As such, the use of buffering for externalcommunications (i.e., ISO, USB) is necessarily kept outside of thisfirewall for security reasons. Moreover, the internal CPU of a smartcard IC has numerous security mechanisms built into its core to providethe highest possible security between resident applications (e.g., Javaapplets) and the embedded resources (e.g., RAM, ROM, NVRAM, mathematicalmechanisms, encrypted data, particular CPU instructions andfunctionalities, etc.).

Not only do smart cards have a number of features to prevent observationand tampering from the outside world typically not found in other typesof ISO, USB, etc. devices, they also embody well-tuned cores. Thesecores are generally capable of performing lengthy and complexcryptographic algorithms which can produce in minute fractions of asecond results which would take typical computer systems many magnitudesmore time, from minutes to hours, to even weeks or months.

Furthermore, smart card ICs are subject to many constraints that otherISO, USB, etc. devices (and also many other ICs) are not. For example,physical size is often a key limiting factor which effects cost,available RAM, etc. Other such constraints include minimal externalconnectivity requirements, electrical/power constraints, etc. Anotherimportant concern of smart cards is the timeliness and completeness withwhich requested data is generated.

It is in view of the foregoing constraints imposed on smart card ICs(i.e., the silicon firewall, the highly secure CPU core, the exclusivecontrol of the CPU and OS over all else, the specialized internalmachinery, the exhaustive memory protection schema, the variousanti-spy, anti-tamper, anti-attack mechanisms, etc.) that the featuresof the invention can be fully appreciated. That is, all of the aboveconstraints impose a significant burden upon smart card IC design, andthis burden may be substantially reduced in accordance with theteachings of the present invention, as will be appreciated by thoseskilled in the art. It should be further noted that, as used herein,“application” is intended to be broadly construed. For example, anapplication may be a process by which a specified resource is utilized.It may also refer to an operative piece/configuration of software thatperforms a specific task or set of tasks. As such, “applications” mayrun on a host device on top of the kernel and associated USBinfrastructure (i.e., a custom application for viewing on-line financialinformation, to view a movie, listen to downloadable music, authenticatelogging into a computer, etc.). In addition, applications can also takethe form of embedded software programs which run under the robustembedded OS of the smart card. As with PC-based applications, embeddedapplications may be run concurrent with each other, and vie for variousresources and services provided by the smart card and its OS.

Additional features of the invention may be found in co-pendingapplications entitled SMART CARD PROVIDING DATA MAPPING FOR MULTIPLEAPPLICATIONS AND RELATED METHODS; attorney docket number 02-AU-089(52039); SMART CARD WITH SELECTIVELY ALLOCATABLE DATA BUFFERS ANDASSOCIATED METHODS, attorney docket number 02-AU-091 (52041); and SMARTCARD WITH SELF-RECONFIGURATION FEATURES AND RELATED METHODS, attorneydocket number 02-AU-90 (52040), the entire disclosures of which arehereby incorporated herein by reference.

Many modifications and other embodiments of the invention will come tothe mind of one skilled in the art having the benefit of the teachingspresented in the foregoing descriptions and the associated drawings.Therefore, it is understood that the invention is not to be limited tothe specific embodiments disclosed, and that modifications andembodiments are intended to be included within the scope of the appendedclaims.

1. An integrated circuit for a smart card and comprising: at least onedata terminal for providing communications with a host device; and aprocessor for providing an attachment signal on the at least one dataterminal for recognition by the host device, cooperating with the hostdevice to perform an enumeration based upon at least one defaultdescriptor, and based upon a system event, selectively removing theattachment signal from the at least one data terminal and thereafteragain providing the attachment signal on said at least one data terminaland cooperating with the host device to perform a new enumeration basedupon at least one alternate descriptor.
 2. The integrated circuit ofclaim 1 further comprising at least one power terminal connected to saidprocessor, and wherein said processor receives power via said at leastone power terminal during removal of the attachment signal.
 3. Theintegrated circuit of claim 1 wherein the system event comprises asystem utilization metric exceeding a threshold.
 4. The integratedcircuit of claim 1 wherein the system event comprises the occurrence ofattempted unauthorized communications.
 5. The integrated circuit ofclaim 1 wherein said processor monitors communications with the hostdevice during removal of the attachment signal.
 6. The integratedcircuit of claim 1 wherein the at least one alternate descriptorcomprises at least one device descriptor.
 7. The integrated circuit ofclaim 1 wherein the at least one alternate descriptor comprises at leastone configuration descriptor.
 8. The integrated circuit of claim 1wherein the at least one alternate descriptor comprises at least oneinterface descriptor.
 9. The integrated circuit of claim 1 wherein theat least one alternate descriptor comprises at least one endpointdescriptor.
 10. The integrated circuit of claim 1 wherein said at leastone data terminal comprises first and second data terminals fordifferential data signals.
 11. The integrated circuit of claim 1 furthercomprising a USB transceiver connected between said processor and saidat least one data terminal.
 12. A smart card comprising: a smart cardbody; and an integrated circuit carried by said smart card body andcomprising at least one data terminal for providing communications witha host device, and a processor for providing an attachment signal on theat least one data terminal for recognition by the host device,cooperating with the host device to perform an enumeration based upon atleast one default descriptor, and based upon a system event, selectivelyremoving the attachment signal from the at least one data terminal andthereafter again providing the attachment signal on said at least onedata terminal and cooperating with the host device to perform a newenumeration based upon at least one alternate descriptor.
 13. The smartcard of claim 12 wherein said integrated circuit further comprises atleast one power terminal connected to said processor, and wherein saidprocessor receives power via said at least one power terminal duringremoval of the attachment signal.
 14. The smart card of claim 12 whereinthe system event comprises a system utilization metric exceeding athreshold.
 15. The smart card of claim 12 wherein the system eventcomprises the occurrence of attempted unauthorized communications. 16.The smart card of claim 12 wherein said processor monitorscommunications with the host device during removal of the attachmentsignal.
 17. The smart card of claim 12 wherein the at least onealternate descriptor comprises at least one device descriptor.
 18. Thesmart card of claim 12 wherein the at least one alternate descriptorcomprises at least one configuration descriptor.
 19. The smart card ofclaim 12 wherein the at least one alternate descriptor comprises atleast one interface descriptor.
 20. The smart card of claim 12 whereinthe at least one alternate descriptor comprises at least one endpointdescriptor.
 21. The smart card of claim 12 wherein said at least onedata terminal comprises first and second data terminals for differentialdata signals.
 22. The smart card of claim 12 further comprising a USBtransceiver connected between said processor and said at least one dataterminal.
 23. A smart card system comprising: a host device; a smartcard adapter connected to said host device; and a smart card to be readby said smart card adapter and comprising a smart card body and anintegrated circuit carried by said smart card body, said integratedcircuit comprising at least one data terminal for providingcommunications with a host device, and a processor for providing anattachment signal on the at least one data terminal for recognition bysaid host device, cooperating with said host device to perform anenumeration based upon at least one default descriptor, and based upon asystem event, selectively removing the attachment signal from the atleast one data terminal and thereafter again providing the attachmentsignal on said at least one data terminal and cooperating with said hostdevice to perform a new enumeration based upon at least one alternatedescriptor.
 24. The smart card system of claim 23 wherein saidintegrated circuit further comprises at least one power terminalconnected to said processor, and wherein said processor receives powervia said at least one power terminal during removal of the attachmentsignal.
 25. The smart card system of claim 23 wherein the system eventcomprises a system utilization metric exceeding a threshold.
 26. Thesmart card system of claim 23 wherein the system event comprises theoccurrence of attempted unauthorized communications.
 27. The smart cardsystem of claim 23 wherein said processor monitors communications withsaid host device during removal of the attachment signal.
 28. The smartcard system of claim 23 wherein the at least one alternate descriptorcomprises at least one device descriptor.
 29. The smart card system ofclaim 23 wherein the at least one alternate descriptor comprises atleast one configuration descriptor.
 30. The smart card system of claim23 wherein the at least one alternate descriptor comprises at least oneinterface descriptor.
 31. The smart card system of claim 23 wherein theat least one alternate descriptor comprises at least one endpointdescriptor.
 32. The smart card system of claim 23 wherein said at leastone data terminal comprises first and second data terminals fordifferential data signals.
 33. The smart card system of claim 23 furthercomprising a USB transceiver connected between said processor and saidat least one data terminal.
 34. A method for operating a smart cardcomprising at least one data terminal, the method comprising: providingan attachment signal on the at least one data terminal for recognitionby a host device; cooperating with the host device to perform anenumeration based upon at least one default descriptor; and based upon asystem event, selectively removing the attachment signal from the atleast one data terminal and thereafter again providing the attachmentsignal on the at least one data terminal and cooperating with the hostdevice to perform a new enumeration based upon at least one alternatedescriptor.
 35. The method of claim 34 wherein the smart card furthercomprises at least one power terminal connected to the processor, andwherein the smart card receives power via the at least one powerterminal during removal of the attachment signal.
 36. The method ofclaim 34 wherein the system event comprises a system utilization metricexceeding a threshold.
 37. The method of claim 34 wherein the systemevent comprises the occurrence of attempted unauthorized communications.38. The method of claim 34 further comprising monitoring communicationswith the host device during removal of the attachment signal.
 39. Themethod of claim 34 wherein the at least one alternate descriptorcomprises at least one device descriptor.
 40. The method of claim 34wherein the at least one alternate descriptor comprises at least oneconfiguration descriptor.
 41. The method of claim 34 wherein the atleast one alternate descriptor comprises at least one interfacedescriptor.
 42. The method of claim 34 wherein the at least onealternate descriptor comprises at least one endpoint descriptor.
 43. Themethod of claim 34 wherein the at least one data terminal comprisesfirst and second data terminals for differential data signals.
 44. Themethod of claim 34 wherein the smart card operates in a universal serialbus (USB) mode.